@homebridge/ciao

8 Versions
License
No Install Scripts
Verified Provenance

Supply chain provenance

Status for the latest visible version.

SLSA provenance attestation, npm registry signatures, gitHead linked

Maintainers

oznu, northernman, supereg, khaost, ebaauw, dustin.greif, nfarina, bwp91

Keywords

ciao, rfc-6762, rfc-6763, multicast-dns, dns-sd, bonjour, zeroconf, zero-configuration, mdns, mdns-sd, service-discovery

Accepted risks

Findings the reviewer chose to accept rather than block on.

Source | Rule | Reason | Accepted by | When
typosquat | typosquat.levenshtein:pino | AI (typosquat): @homebridge/ciao is a legitimate scoped mDNS/DNS-SD library under the homebridge org; Levenshtein match to 'pino' is a false positive with no relationship between the packages. | ai |
semgrep | semgrep:child-process-import | AI (semgrep): child_process is legitimately used in NetworkManager.js to query OS network interfaces, which is standard and expected for an mDNS library. | ai |

Versions (showing 8 of 8)

Version | Deps | Published
1.3.9 | 4 / 13 |
1.3.8 | 4 / 13 |
1.3.7 | 4 / 13 |
1.3.6 | 4 / 13 |
1.3.5 | 4 / 13 |
1.3.4 | 4 / 13 |
1.3.3 | 4 / 13 |
1.3.2 | 4 / 13 |

v1.3.9

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.8

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.7

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.6

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.5

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.4

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.3

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.

v1.3.2

1 finding
INFO: Has SLSA provenance attestation [provenance]

Published via CI/CD with Sigstore attestation (predicate: https://slsa.dev/provenance/v1). This is the strongest supply chain integrity signal.